Free Resources for Incident Response Professionals

To help make your tough job a bit easier.

Analyst Reference

More than a cheat sheet, less than a book, these are primers and references for some of the core topics incident responders need to understand.

Lateral Movement Analyst Reference

Adversaries move from system to system once they compromise a network. Learn to detect lateral movement within your environment.

Download
Event Log Analyst Reference

Windows Event Logs store an increasingly rich set of data. This reference walks you through configuring, storing and analyzing Windows events.

Download
Memory Analysis with Volatility Analyst Reference

The battle for our boxes is increasingly being fought in RAM. Learn to use Volatility to hunt for evil on your systems.

Download
Credential Defense Analyst Reference

Most attackers use credential theft as a key tactic. This document presents key defensive controls to make your environment a harder target.

Download

Quick Reference

These are short cheat sheets that you can use to keep syntax and key facts close at hand.

Default Windows Processes Quick Reference

Quick reference on the normal system processes of a Windows system, including each executable's path on disk, the usual process tree, and a description of each process.

Download
WMIC Quick Reference

The Windows Management Instrumentation Command-line utility (WMIC) is a great resource for incident responders. This quick reference will help you with examples and syntax.

Download
PowerShell Quick Reference

A quick reference for exploring the immense value of PowerShell for incident response, including basic syntax and useful cmdlets.

Download

Presentations

PDFs of the slides from some of our public talks.

Pass the What Now? Understanding Credential Attacks in a Windows 11 World

Review pass-the-hash, pass-the-ticket, and other classic attacks. Then look at Microsoft’s Modern Authentication, attacks against it, and how it relates to your environment.

Download
The Light Side of the Force: PowerShell for Incident Response

A high-level look at how PowerShell and PowerShell Remoting can benefit incident responders and network defenders using built-in capabilities.

Download
Pivot and Pillage: Lateral Movement within a Victim Network

This presentation accompanies our Lateral Movement Analyst Reference PDF to highlight ways to detect and defeat hidden adversaries.

Download
BYOD or Bring Your Own Destruction

Examine the assumptions that have gone into BYOD policies and take a moment to evaluate how reasonable our rush to embrace this approach has been.

Download
A Network Defender’s Guide to Credential Attacks

A look at common credential attacks on premises, in the cloud, and across the Internet, with the goal of understanding how to prevent and detect them.

Download
Do You Want to Build a Test Lab?

You can get free Microsoft licenses from here:

https://www.microsoft.com/en-us/evalcenter/

You can configure a test domain using the Config-LabSystem.ps1 script and the associated UserList.csv below.

Download

Additional Links

If you would like some recommendations for other sites to get great IT security information, click here.


Get the book

Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them.


Copyright © APPLIED INCIDENT RESPONSE. All Rights Reserved.